Filtering
Stateful Rules

States indexed in a red-black tree
State searches are faster than rule lookup
States increase security
Can control who initiates a connection
TCP segments must be within window
reset must be on edge of window

